Fail2ban | 最简单的防止SSH暴力破解的脚本

Basic Overview
We are trying to set up Rate Limiting on our server. we are using Nginx as a webserver and fail2ban for blocking IPs with Iptables. IPtables can block IPs if a request hits direct our Nginx server(in this case $remote_addr is client IP).

But if it comes via some proxy server then proxy server passes client IP in X-Fordwarded-For header and Iptables unable to detect that(in this case $remote_addr is proxy server IP).

Is their some other ways we can block X-Fordwarded-For header IP?
any help will be appreciable

IPtable IP block commmand - iptables -A INPUT -s 111.112.212.112 -j DROP

I'm using a map configuration to block IP addresses with nginx + fail2ban

The sample configuration genrator code in fail2ban repo looks like this :

Here's a log:

I have a lot banned IP from fail2ban log. This have this format:

Have set up fail2ban service on CentOS 8 by this tutorial: https://www.cyberciti.biz/faq/how-to-protect-ssh-with-fail2ban-on-centos-8/.

I have set up settings similiarly according to tutorial above like this:

My Situation at the moment: I'm setting up a mail server and just after getting it to work, the logs are flooded with authentication failed messages from an suspicious iran network trying to login to random accounts.

After some googeling I found out that fail2ban can stop those attacks, but there's one problem: how to use fail2ban in kubernetes? My Ideas:

• I found this plugin for traefik, but it requres the traefik instance to be connected to thei SaaS managment service, what I don't need
• Installing fail2ban on the host: As kubernetes connects multiole nodes, fail2ban on node 1 only gets the logs from this node and cannot block traffik coming in on node 2.

Is there a solution to run fail2ban In kubernetes, maybe linked to the ingress controller, as it is possible with traefik, but without any connection to a SaaS provider?

I have a server (VPS) with the following services:

• email server (postfix/dovecot)
• dns server (bind9)
• http server (nginx)

Fail2ban creates a lot of entries in iptables and this causes the server to become very slow and even sometimes it becomes unreachable and I have to login via the console and flush iptables before I can connect to the server. The used jails are shown below:

• Jail list: dovecot, named-refused, nginx-botsearch, nginx-http-auth, nginx-limit-req, php-url-fopen, postfix, postfix-auth, recidive

95% of bans are triggered by postfix jail. I reduced iptables size by setting recidive jail with : bantime = 7200 findtime = 3600 maxretry = 5 , the system slowness slightly improved but still not enough. My question : - is fail2ban to blame for this slowness? or iptables itself? In a previous project, I had no fail2ban installed and I used iptables with many entries (more entries than what my actual fail2ban creates) and the system was fast.

I appreciate any advice on how can I deal with this fail2ban issue.

I am trying to debug my fail2ban filter and some weird error with respect to my custom datepattern and stumbled upon this documentation. According to that the output of the command fail2ban-regex "2013-09-19 02:46:12 1.2.3.4" "" should show something like:

First, thank you in advance for taking a look. I think I have a very basic mistake somewhere, but I have searched for hours with no result. I am trying to run a proof of concept to expose a container behind a traefik 2.4 reverse proxy at a subdirectory. My DDNS does not allow for subdomains, so I am stuck with subdirectories until I can prove this works.

My problem is every container I stand up is dynamically picked up by traefik and shows up in the dashboard, but the subdirectory gives a 404 error. I have even used PathPrefix with a regex to prevent the ending / error.

Here is my configuration.

Traefik's docker-compose: